[Bug 1815320] [NEW] Potential data loss in CryFS 0.9.9 (fixed in 0.9.10)

Launchpad Bug Tracker 1815320 at bugs.launchpad.net
Sat Feb 9 23:24:48 UTC 2019 

You have been subscribed to a public bug by Sebastian Messmer (cryfs):

CryFS 0.9.10 fixed a dead lock and a race condition, the latter of which
can cause data loss if the file system is under heavy load and accessed
concurrently.

Changelog: https://github.com/cryfs/cryfs/blob/0.9.10/ChangeLog.txt

Some user reports about the data loss:
- https://github.com/cryfs/cryfs/issues/243
- https://github.com/cryfs/cryfs/issues/224
- https://github.com/cryfs/cryfs/issues/237

This issue is fixed in 0.9.10 but stable Ubuntu versions (bionic, cosmic) still distribute 0.9.9.
The package should be updated in the software repositories.

Notes:
- A 0.9.10 package is already in Debian and Ubuntu Disco, see https://packages.debian.org/buster/cryfs and https://packages.ubuntu.com/search?keywords=cryfs
- Debian will soon update to 0.10, and Ubuntu Disco is expected to follow. However, older Ubuntu versions should not update to 0.10.0 but only to 0.9.10 to fix the data loss bug.
- CryFS has an extensive test suite testing each release, the regression risk is low.


[Test Case]

Follow the instructions in the linked GitHub issues. Since this is a
race condition, it doesn't always manifest, but
https://github.com/cryfs/cryfs/issues/224 was quite stable to me:

1. Create a cryfs file system

$ cryfs -f /tmp/basedir /tmp/mountdir

Note: the '-f' causes CryFS to run in foreground, i.e. you won't get
your terminal back. Keep it running and open a new terminal for the next
commands.

2. Create a video file in the mounted directory

$ ffmpeg -i some_video_file.mp4 /tmp/mountdir/video.avi

3. Open /tmp/mountdir/video.avi VLC and run it

$ vlc /tmp/mountdir/video.avi

4. While it is running, re-create it

$ ffmpeg -i some_video_file.mp4 /tmp/mountdir/video.avi

5. Observe the crash in the terminal running the CryFS process


[Regression Potential]

The race condition was fixed in 0.9.10 using additional mutexes, so the
most likely regression is the introduction of a new deadlock.

Generally, CryFS has a very extensive test suite and CI that is run on
each commit and each release, see
https://github.com/cryfs/cryfs/tree/0.9.10/test

** Affects: cryfs (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Potential data loss in CryFS 0.9.9 (fixed in 0.9.10)
https://bugs.launchpad.net/bugs/1815320
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list